ARP scanning bug in nmap?
From: "RaMatkal" <RaMatkal () hotmail com>
Date: Mon, 20 Mar 2006 11:17:30 +0200
Firstly, great work on nmap!!
I was performing a pen-test on a client's network a few days ago and was having a few problems with nmap 4.00...
I was sitting on the same subnet as a wireless device I was trying to scan...
Wireless IP was something like 10.51.20.20/16
and my IP was 10.51.25.25/16, though I was not attached to the wireless network...
I could ping the wireless device with no problems, but when I tried to scan the device with the usual nmap -sS -vv -O it
came back with an error saying no ARP replies were found...
I think I read somewhere that the new version of nmap first does an ARP scan if the device you want to scan sits on the
same local network (which I was)... but for some reason nmap was not recognising the ARP responses... (I wonder if
this has to do with the fact that I was on the same subnet as the wireless device but I was not attached to the
wireless network... i.e. maybe only the access point replies to the ARP requests when it is attached to a switch and not
the wireless devices communicating through it...)
Anyways, I tried using the -P0 to turn off the Ping and ARP scan, but nmap still could not scan the device and said an
ARP response was not returned from the device...
In short, I tried several methods to scan the device but all failed with the same error...
However, when I scanned the device with Nessus I had no problems... several open ports were found...
Is there a way to switch off the ARP scan like you can switch off the ping scan with -P0?
Thanks very much... sorry for the long email, and great work again!
Sent through the nmap-dev mailing list